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REMARKS 

This responds to the Office Action mailed on May 16, 2005 , and the references cited 
therewith. 

No claims are amended, canceled, or added; as a result, claims 1-17 remain pending in 
this application. 

^ 102 Rejection of the Claims 

Claims 1-6, 8-13 and 15-17 were rejected under 35 U.S.C. § 102(e) for anticipation by 
Grantges (U.S. 6,324,648, hereinafter "Grantges") or Win et al. (U.S. 6,182,142, hereinafter 
"Win"). Applicant respectfully traverses the rejection on the grounds that the cited references 
fail to teach each element of the claims under consideration. 

For example, claim 1 recites in part: 

"a firewall that is configured to intercept network resource requests from a 
plurality of client users, said firewall being operative to authorize a network 
resource request based upon a comparison of the contents of at least part of one or 
more entries in said at least one directory to an authorization filter, wherein said 
authorization filter is generated based on a directory schema that is predefined by 
said entity." 

This claim specifies that the firewall is operative to authorize a network resource request based 
upon a comparison of the contents. 

The Office Action cites col 1 1, lines 12-43 as teaching these elements of claim 1. 
However, this portion of Grantges describes an "authorization plug-in 42 associated with 
gateway proxy server 40." Referring to FIG. 1 of Grantges reveals that proxy server 40 and the 
associated authorization plug-in 42 are part of an application gateway 38 and not the firewall 32. 
Thus, the firewall 32 of Grantges is not "operative to authorize a network resource request based 
upon a comparison . . ." as claimed. 

This is argument is fiirther supported in Grantges in the paragraph begiiming at col. 4, 
line 33. hi particulate, this paragraph provides, "If authenticated at this level, proxy server 34 
sends the information contained in the client's digital certificate through firewall system 32 to 
gateway 38 to be authenticated at a second, more substanfive level." Grantges, col. 4, lines 48- 
52. This indicates that the authorization is made by the gateway 38 and not the firewall 32. 
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Thus, claim 1 is patentable over Grantges because Grantges fails to teach every claim 
element. 

Claim 1 is also patentable over Win for similar reasons. For example, Win describes 
controlling access to information via an access server 106 and a registry server 108. Win, FIGs. 
1, 2, 4, 5C-E, 6, etc. Win does not describe a firewall configured in accordance with claim 1. 

The Office Action refers to col. 1 1, line 59 through col 12, line 10 as describing "an 
access menu module 412 which uses personalized menu service to build a list of resources that 
the user is authorized to access according to user profile information." However, referring to 
FIG. 4, the access menu module 412 is part of access server 106 and not firewall 118. Thus, Win 
does not describe a firewall as claimed. 

Thus, Applicant respectfully submits that claim 1 is patentable because both Grantges 
and Win fail to teach each and every element of the claim. 

Independent claims 8 and 17 include similar elements as claim 1 and are patentable over 
both Grantges and Win for at least the same reasons. 

Claims 2-6, 9-13, and 15-16 depend, directly or indirectly, from patentable independent 
claims 1 and 8. Thus, claims 2-6, 9-13, and 15-16 are patentable for at least the same reasons. 

Claims 4 and 1 1 are further patentable because Grantges fails to teach a firewall having 
an authorization filter that implements a per-user authentication scheme. Although Grantges 
appears to describe per-user filtering, there is no such teaching of the filtering at the firewall. 
The same holds true for Win. 

Withdrawal of the § 102(e) rejection and allowance of claims 1-6, 8-13 and 15-17 is 
respectfiilly requested. 

Si 103 Rejection of the Claims 

Claims 7 and 14 were rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Grantges and Win et al. and further in view of "Check Point Management Client, Version 1.0, 
1998" (hereinafter "Checkpoint"). Applicant respectfiilly traverses this rejection. 

For example. Check Point is provided to teach "said firewall is configured to query 
multiple directories." However, Check Point fails to cure the deficiencies of both Grantges and 
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Win as described above. Check Point is further deficient as set forth by AppHcant in previous 
submissions. 

Thus, dependent claims 7 and 14 are patentable at least because they depend from 
patentable independent claims 1 and 8, respectively. Withdrav/al of the § 103(a) rejection and 
allowance of claims 7-14 is respectfully requested. 

CONCLUSION 

Applicant respectfully submits that the claims are in condition for allowance, and 
notification to that effect is earnestly requested. The Examiner is invited to telephone 
Applicant's attorney at (612) 373-6909 to facilitate prosecution of this application. 

If necessary, please charge any additional fees or credit overpayment to Deposit Account 
No. 19-0743. 

Respectfully submitted, 
THOMAS D. ASHOFF ET AL. 
By their Representatives, 

SCHWEGMAN, LUNDBERG, WOESSNER & KLUTH, P.A. 
P.O. Box 2938 
Minneapolis, MN 55402 
(612) 371-6909 

na,= fOfA. 17, V)o<r ^. ^kT^l.yT/^^-^-^ 

Thomas F. Brennan 
Reg. No. 35,075 
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